Back to the (Virtual) Future

Not content to sit on its technology lead in the virtualization market, VMware Inc. has ambitious plans to push its products further onto the razor's edge. The twist, however, is that it plans to do so by turning the clock back to the days of Henry Ford, the Model-T and assembly-line manufacturing.

As strange as that sounds, it's not a contradiction. At its annual VMworld conference held in September, company officials laid out their vision, making the Virtual Datacenter Operating System (VDC-OS) its cornerstone. If everything works out the way VMware envisions, it could forever change the way IT administrators manage their networks.

When it comes to IT management, there tends to be "a lot of heavy lifting," says Bogomil Balkansky, VMware's senior director of product marketing. "Whatever operation you need to perform, it still tends to be a very manual, very custom, one-step-at-a-time process," he says.

Back to the Future
Not so with VDC-OS, which Balkansky describes as something out of that era when "Henry Ford introduced automation to the manufacturing world."

Balkansky continues the analogy, saying, "We're transitioning from swinging hammers to pushing buttons. The focus becomes what needs to happen, not spending the majority of your time executing it and making it happen. Ford introduced speed and efficiency and predictability to the [manufacturing] process." Those same elements characterize VDC-OS, he says.

The first step toward understanding VDC-OS is to properly define the term. It's not a product, but rather a category of software -- a generic term for a flexible, agile data center. "Just like 'operating system' is a category no one owns, [VDC-OS] is a category," Balkansky says. "The brand name continues to be VMware Virtual Infrastructure [VI]." Balkansky compares it to the "operating system" being the category and Windows and Linux being brands within the category. "VDC-OS is the category, VI is the product," Balkansky says.

The paradigm shift will occur when an admin sets parameters for an application, and VDC-OS does the rest, Balkansky explains. "The sys admin world will be changed. To deploy an application, [the sys admin] will specify the service levels the application requires for availability, security, scalability. [Whether an application] needs five-nines availability or security, it needs to scale to this point. Then the infrastructure that supports and runs the application will interpret policies, execute and guarantee service levels and do it at the lowest total cost of ownership [TCO]. TCO is really a parameter in VDC-OS."

At Your vService
VDC-OS is complicated, but the thumbnail sketch looks like this: It's an umbrella operating system with two primary focuses -- apps and infrastructure -- to which VMware has added a small "v" at the beginning: Application vServices and Infrastructure vServices. Each of these areas is further broken down into sub-categories. Tying it all together is vCenter, the new name for VirtualCenter, VI's management tool.

Application vServices includes three key areas of enhanced functionality:

Availability: VMware says this will be achieved primarily through VMware Fault Tolerance, which makes a duplicate copy of a virtual machine (VM) on a separate physical server.

Security: VMware announced VMsafe last February, which will be delivered in future versions of VI. VMsafe provides APIs for third-party security vendors to write programs for VMs created by ESX. It'll allow those programs to go deeper inside VMs and detect more malware than in the past.

Scalability: While no new products were announced in this area, VMs will scale up in capacity with the ability to use double -- up to eight -- the number of virtual CPUs (vCPUs), as well as quadruple the amount of RAM they can use (up to 256GB).

Infrastructure vServices also has three main components:

vCompute: The main upgrade here is VMDirectPath, which allows devices like a physical network interface card to directly access a VM, cutting down on processing overhead.

vStorage: Storage is a promising area with a number of new offerings, starting with vStorage. Much like VMsafe, vStorage provides APIs for storage vendors to hook into VI and integrate their products more directly. vStorage Thin Provisioning saves storage space by allocating storage on an as-needed basis, rather than setting aside a block of storage space which may or may not get used.
vStorage Linked Clones is another space-saving technology that shares common OS images in storage, avoiding a duplication of that information for each VM.

vNetwork: The most excitement in networking surrounds virtual distributed switches. One of the biggest VMworld announcements involved the Cisco Nexus 1000V switch, Cisco Systems Inc.'s first-ever virtual switch. Expect other vendors to come out with similar products quickly.

On the management side, the biggest update to vCenter, other than the name change, is the integration of AppSpeed, the fruits of the B-hive Networks acquisition. A VMworld demo showed its ability to monitor VMs at a level far deeper than formerly available with vCenter.

Architecture vs. Marketecture
Although VDC-OS is an ambitious undertaking, the announced goals aren't groundbreaking. In fact, some believe it's as much a marketing campaign as anything else. "I think [VMware CEO] Paul Maritz understands IT technology on a large scale and has articulated their IT strategy better," says Burton Group Senior Analyst Chris Wolf, a virtualization specialist. "VDC-OS allows them to group all this together under a common message."

Wolf believes the new message is less technology-focused, and he says that's a good thing. "The problem was they weren't tying their solutions back to applications and back to the user. IT decision-makers worry about [issues like], 'How do I solve this problem?'"

Rachel Chalmers, research director for infrastructure management for the analyst firm The 451 Group, agrees that much of VDC-OS is about re-branding rather than new technology. "VDC-OS is partly marketecture and signals a changing of the guard," Chalmers says, from former CEO Diane Greene to Maritz. "Greene was always very careful to say that the hypervisor is not an OS."

Maritz doesn't have those same concerns, she says: "Maritz described the new raft of releases, the new roadmap, as an OS. It's just a different way of framing the conversation." Chalmers adds that VDC-OS contains "no radical departures from the roadmap. It's exactly what you would have expected from a VI announcement."

Independent consultant Edward Haletky, a VMware specialist who has written a book on ESX, says, "VDC-OS is a concept. It's a different way of looking at the existing VMware product line. The interesting part is that it has split off the concept of compute resources, networking resources and so forth. For example, vCompute is ESX. vStorage is SRM [VMware's Site Recovery Manager]. vNetwork is a distributed virtual switch. They've announced all these products [before] -- it's just another way of organizing them."

The difference, Haletky continues, "is in layering; putting the hypervisor below all these layers. VDC-OS is everything above the hardware." He also believes that it's VMware's way of minimizing the hypervisor, which has become commoditized. "Microsoft has been touting that its hypervisor is free," he explains. "[VMware is] downplaying the hypervisor's role in all this. Virtualization is not just the hypervisor anymore. It gives a new view of the way VMware's going to design and architect things in the future."

Q&A

By Ed Scannell

2009 should be an interesting year for Paul Maritz. Hired to replace VMware Inc. CEO and co-founder Diane Greene earlier this year, it will be Maritz's job over the next 12 months to keep Microsoft from tearing away a huge hunk of VMware's share of the virtualization market. Microsoft has made it abundantly clear that it intends to compete hard in this space, but if anyone has the resume to carry it off, it's Maritz. He worked for Microsoft from 1986 to 2000, and as a result, few have a thicker playbook than Maritz on the product strategies and corporate culture of Redmond.
Maritz sat down with Redmond Editor Ed Scannell to assess the challenges he faces competing against his old company, VMware's new partnership with Cisco Systems Inc. and why he doesn't want to own the cloud.

How important is it for VMware to own a piece of the cloud as part of your overall strategy?
Well, our whole strategy actually is to not own the cloud going forward, but instead to enable interoperation between clouds and a corporation's internal infrastructure in the cloud. As we help our internal customers become more efficient -- and they often characterize efficiency and flexibility as becoming more cloud-like internally -- what that really involves is finding a way to abstract the application loads from the underlying infrastructure. As we increasingly separate those two, it opens up the opportunity for them to use the infrastructure either from inside the firewall or outside the firewall in someone's cloud. Our primary contribution is to enable internal IT customers to make business decisions about whether to employ external cloud resources or not. It's not a black-or-white issue for them whether they should migrate from what they're doing now and into somebody's cloud. That can essentially be a tactical decision they can make based upon business needs going forward.

But in so doing, we also enable a degree of interoperability between clouds. One of the problems with the cloud strategies put forward by Amazon, Google, Microsoft and others is that they likely will be incompatible.

What are some of the technical problems with moving internal and external virtual machines (VMs) around and ensuring consistency between users and various service providers?
It's clearly a set of technical and standards-based issues you have to work through. The good news is we think that the kinds of things we need to get done -- for example, make apps run more efficiently in a virtualized environment -- are exactly the same things [companies] did to allow more interoperability with the cloud. Specifically, one of the sub-components of the vCloud strategy is the vApplication strategy. So the notion about how you describe an application in such a way that it can run efficiently, be provisioned efficiently and have a service-level agreement associated with it in an independent application infrastructure is an important one. We see the vApplication standard important both for internal as well as external use.

Your relationship with Cisco is an interesting one. Talk about that relationship and the virtualized switching infrastructure you hope to create.
That's about blending the virtual and physical worlds and making it easier for network managers to manage things. There's a dimension of the network that needs to be virtualized. In other words, how do you handle traffic between virtual machines? At some point those virtual machines also have to communicate out into the physical world. So you have to manage the interaction with the physical networking world. What Cisco will do is basically insert into our virtualization layer a reimplementation of the basic virtual-switching software that we have. We've encouraged them to do this because we believe that our layer should be a true platform where you can plug things into and out of it. So what they've done is plugged into our platform a virtual software switch that looks -- from a management perspective -- just like a physical Cisco switch. So a network admin can manage their network in a uniform way and do so independently of whether it's physical or virtual.

What things can you take from Microsoft's playbook -- which you know so well -- to help you compete better against them?
I certainly have a great deal of respect for Microsoft and take them very seriously, but I'm not overawed by them. When you're competing against Microsoft, you have to be firmly convinced of your value proposition and then execute based on that. You do have to realize they can afford to make more mistakes than you. But if you set your sights on a truly differentiated value proposition, and you execute well, you'll do very well.

You've made ESXi free. Are we going to see similarly competitive price drops for VMware infrastructure?
We're in a competitive environment, and we know we have to respond accordingly. We're not going to stick our heads in the sand. Our intent is to stay ahead on functionality.

Are you comfortable with the technology to where you can tell users to virtualize everything, including mission-critical apps like ERP and CRM? Or are we at the point where some of that is still coming down the road?
We have many large customers who are still on the journey, which will time out in the next 12 to 18 months. Our goal is to get to a 100 percent virtualized environment. The only reason some of them may not get there completely is they have stuff still running on IBM mainframes.

How important do you think a standardized software stack being put in place for virtualization would be? What things are you doing to make that happen?
That's the essence of our Virtual Datacenter OS vision -- by extensive use of virtualization and related technologies, our customers can completely decouple the provisioning and running of their application environment from the underlying infrastructure. They can get close to their nirvana, which is to be able to treat all their compute resources as a single giant computer in which they flexibly provision applications for their users.

Admins as Button Pushers
An important part of that design is vApplication (vApp), which enables multitier apps to be configured, deployed and managed as a single unit. Leveraging open virtual machine format (OVF), which allows virtual appliances to be run on disparate hypervisors, vApp promises to further simplify virtualization. VMware's Balkansky goes back to the assembly line analogy: "It's how manufacturing happens nowadays; you push some buttons and the product comes out the other end."

For instance, consider a typical three-tier architecture for an application such as Oracle Customer Relationship Management (CRM). It consists of a Web server, application server and database.

"Instead of managing each tier separately, you can bundle them, move and manage them together, and assign policies to the whole instead of individual parts," Balkansky says. That involves combining multiple VMs. Using OVF, admins can specify policies for availability, security and other parameters and extend the OVF schema to define their own requirements. "It's a production line for IT, [in which administrators] automate all of these tasks in IT, and produce high quality," Balkansky says.

Security Concerns
That's a good thing, but the downside comes in increased security risk. VDC-OS has the potential to increase vulnerabilities, which puts it at a disadvantage in the current era of HIPAA, Sarbanes-Oxley and other regulatory standards, especially when considering its central role as part of VMware's "cloud computing" strategy. Wolf says, "Security is a huge problem for a lot of organizations. VMsafe should be the first product with a reliable security stack acceptable to security auditors. [VMware is] the first vendor to deliver that framework. Security auditors need to accept the [cloud computing] architecture as a security boundary, or none of this matters."

Haletky, who owns AstroArch Consulting Inc. and does a lot of virtual security work with clients, believes that without proper security measures, VDC-OS will struggle to gain market acceptance. "Everyone's going to get their hands on the VMsafe APIs. More APIs means more chances to hurt a system. They have to properly secure the system, and how they'll be implemented is a major concern." That means a team effort, Haletky says. "It's not really VMware's problem in a lot of ways. They've opened it up, [so it becomes] the vendor's problem -- how do they secure it? Security's [often] an afterthought. And as long as it's an afterthought, it's a weakness."

Security in the virtual realm requires a new way of thinking, Haletky continues. "It has to change at the mindset layer for the security professional. It can't just end where hardware ends; it has to end where virtualization ends, which means ending with VMs."

The Cisco Factor: Network Virtualization Gets Real

By Tom Valovic

VMware's Virtual Datacenter Operating System (VDC-OS) is an architectural framework where storage, network and compute core elements are all virtualized as resource pools. The idea is to create the ability to optimize interaction between domains by making the pools transparent to each other. So the network, for example, gets visibility into the virtualized base of servers, which enables them to work together harmoniously in the process of moving VMs around dynamically.

To make this a reality sometime next year, VMware Inc. is working with key strategic partners on capabilities related to storage and networking aspects. To optimize network resources to better support virtualized environments for its customers, VMware's primary partner is Cisco Systems Inc., which also has a small ownership stake in the company.

A new Cisco product called the Nexus 1000V, announced at VMworld, is a key part of this collaboration. At the show, Ed Bugnion, CTO of Cisco's Server Access and Virtualization Business Unit, described the Nexus 1000V as "the first third-party ESX switch" and Cisco's "first software switch," with the latter being a significant milestone for the networking giant. Why? Simply because in the next-generation data center, moving features and functionality to software is an important step toward creating truly virtualized environments where there's full transparency between different resource pools.

Zeus Kerravala, senior vice president with the analyst firm Yankee Group Research Inc., sees Cisco doing more of this going forward. "Down the road, the network will be the orchestrator of virtual services [and to that end] Cisco is moving more towards being a software company. It's rapidly changing from a hardware and network company to a software and IT company. And to be a strategic vendor, they need to be more 'IT relevant' than they have been in the past."

So will VMware work with other network partners besides Cisco to do this? Kerravala doesn't think so. "Who else is in a position to build something like this?" he says.

The Nexus 1000V, integrated into VDC-OS, will be available next year. In the meantime, there will likely be other similar collaborative projects between the two companies, as yet unspecified. But for now, both companies expect that the new functionality afforded via Nexus will improve security, policy enforcement, scalability in VMware environments and management capabilities for VMs overall.

Another critical area of collaboration for the two companies centers on VMware Virtual Desktop Infrastructure (VDI) solutions. A critical element in any VDI deployment is the communications link, whether effected locally with a LAN or between enterprises over a WAN link. But if a WAN is involved, latency issues are more challenging, and application delivery solutions can be implemented to improve performance. Cisco is currently offering products to address these types of performance issues for both VDI and cloud computing, including Cisco Wide Area Application Services (WAAS) and the Application Control Engine (ACE).

Deadline Pressures
VMware has set an aggressive timetable to have all the pieces of VDC-OS in place by the end of next year. Balkansky says that although VMware hasn't publicly announced a release schedule, it's committed to the 2009 timeframe.

The 451 Group's Chalmers is less sure. "This is the VI roadmap. They can't ship all of it. If they do 80 percent of it, they'll be doing well. Storage vMotion has been very, very difficult to develop [and] Network vMotion is a level of complexity even beyond that," she says.

Wolf says that it's in VMware's best interest to hit those 2009 deadlines. "I have no doubt about them [hitting their shipping dates]," he says. "They have a small window of time to establish themselves as dominant in the market. They have to move extremely quickly; if they move slowly, it plays right into Microsoft's hands."

In Microsoft's Sights
Indeed, Microsoft itself has been rushing virtualization products to market; witness Hyper-V, System Center Virtual Machine Manager 2008 (VMM 2008) and the standalone Hyper-V Server, three major products out in the first 10 months of this year. Given how serious Microsoft and other companies like Citrix Systems Inc., Virtual Iron Software Inc., Red Hat Inc., Parallels Inc., Novell, Sun Microsystems Inc., Hewlett-Packard Co. and others are about the emerging virtualization space, sitting still amounts to falling behind.

VMware still has a substantial technology lead, however, and it seems intent on not just keeping that lead but extending it.

"VMware is promoting a stack, including parts where Microsoft historically hasn't gone in the past -- in server storage, network infrastructure [and so on]," Wolf says. One question following VMware's announcements, in Wolf's mind, is: "How much will Microsoft chase VMware or go down its own path? In terms of features, VMware is still ahead of its competitors."

That's been Chalmers' experience as well. "When we talk to end users, VMware is still their default choice," she says. "It's not just features and functionality that are so far ahead. Skill sets are overwhelmingly [built] around VMware."

Haletky says the VDC-OS concept puts more distance between VMware and the competition, now and in the future. "I think VMware's widening the gap, and they already have a wide gap," he explains. "No Storage vMotion [for Microsoft] -- Hyper-V doesn't have VMotion," a technology for moving VMs from one physical host to another with no downtime. "Distributed Resource Scheduling (DRS) -- no one has that, other than VMware," he adds.

Haletky says that when the new features of VDC-OS are included, the chasm will grow even more: "When you add in fault tolerance, distributed virtual switches and VMsafe, I think it's just going to get wider."